Friday, July 8, 2016

How to integrate ClamAV into PureFTPd for virus scanning on CentOS 7

This tutorial explains how you can integrate ClamAV into PureFTPd for
virus scanning on a CentOS 7 system. In the end, whenever a file gets
uploaded through PureFTPd, ClamAV will check the file and delete it if
it contains a virus or malware.

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes:

nano /etc/pure-ftpd/pure-ftpd.conf

[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.
CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
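One way to write such a script, as an added example that is not the tutorial's own clamav_check.sh: it acts on clamdscan's exit status, deletes infected uploads, and moves a file to a quarantine directory when the scan itself fails, so that a stopped clamd does not let uploads through unchecked. The SCANNER and QUARANTINE variables, the quarantine path and the handle_upload function are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the tutorial's script. pure-uploadscript runs it once per
# upload with the file's path in $1 and the FTP account name in $UPLOAD_USER.
# SCANNER, QUARANTINE and handle_upload are names chosen for this example.
SCANNER="${SCANNER:-/usr/bin/clamdscan}"
QUARANTINE="${QUARANTINE:-/var/spool/ftp-quarantine}"  # assumed path

log() {
    # Logging must never abort the scan, so ignore logger failures.
    logger -t clamav_check "$*" 2>/dev/null || true
}

# handle_upload FILE
# Returns 0 = clean (kept), 1 = infected (deleted), 2 = not scanned (quarantined).
handle_upload() {
    file=$1
    # Act only on regular files; refuse symlinks and paths that vanished.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        log "skipped, not a regular file: $file"
        return 2
    fi
    # clamdscan exits 0 when clean, 1 when a virus is found, 2 on error.
    # --fdpass lets clamd read the file through a local (unix) socket.
    rc=0
    "$SCANNER" --quiet --no-summary --fdpass "$file" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  return 0 ;;
        1)  rm -f -- "$file"
            log "deleted infected upload $file (user=${UPLOAD_USER:-unknown})"
            return 1 ;;
        *)  # Fail closed: a scanner error (for example clamd not running)
            # must not leave an unscanned file in the FTP tree.
            dest="$QUARANTINE/$(date +%s).$$.${file##*/}"
            { mkdir -p -- "$QUARANTINE" && mv -f -- "$file" "$dest"; } ||
                rm -f -- "$file"
            log "scan failed (rc=$rc), quarantined $file"
            return 2 ;;
    esac
}

# Run only when called with an argument, as pure-uploadscript does.
if [ $# -gt 0 ]; then
    handle_upload "$1"
fi
```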

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/rc.local...

nano /etc/rc.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

Finally we restart PureFTPd:

systemctl restart pure-ftpd.service

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.

4 Virtual Machine image

This tutorial is available as a ready-to-use virtual machine image in OVA / OVF format for Howtoforge subscribers. The VM format is compatible with VMWare, Virtualbox and other tools that can import this format. You can find the download link in the right menu on the top. Click on the filename to start the download.

The login details of the VM are:

SSH Login

Username: root
Password: howtoforge

MariaDB Login

Username: root
Password: howtoforge

Please change the passwords after the first boot.